Skip to content

This repo contains the data and tools from the accompanying "MinerRay: Semantics-Aware Analysis for Ever-EvolvingCryptojacking Detection"ASE 2020 submission

Notifications You must be signed in to change notification settings

miner-ray/miner-ray.github.io

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Paper: MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection

MinerRay is a tool to detect hidden in-browser crypto mining scripts by analyzing WebAssembly files for known hashing behavior.

This repository contains the source code for the MinerRay implementation. The datasets generated are included as well.

The MinerRay Parser reads a file in WebAssembly Text format to create the list of abstractions for each function defined in the file. After the individual lists for each function are created, the lists are scanned for CALL abstractions to link them with the abstractions list of the other functions. Graphs are built using the abstractions list for each individual function and then

The JS Miner Detection tool scans a provided URL for JavaScript miners by parsing the captured JavaScript files with Esprima to build the abstract syntax tree for each file. The trees are traversed to search for the main hashing loop. This tool is used to detect JS-only miners such as JSECoin and hybrid JS-Wasm miners such as WebDollar.

The Wasm Dump Reader allows for batch processing of the retrieved .wasm binary files by converting them to .wat and running them through the MinerRay parser.

MinerRay Parser

In order to run the MinerRay Parser, you need to have Node.js installed and Redis installed and running. The default configuration for Redis is assumed.

Run npm install in the directory to install the necessary Node.js dependencies.

Run the parser with node parser.js --file <file>, where is the path to a WebAssembly Text file to parse.

JS Miner Detection

In order to run the JS Miner Detection, you need to have Node.js installed.

Run npm install in the directory to install the necessary Node.js dependencies.

Run the parser with node lib/index.js -u <url>, where is the URL of the possible miner page to scan.

Wasm Dump Reader

In order to run the Wasm Dump Reader, you need to have the wabt tools built and the binaries added to the PATH. The MinerRay Parser also needs to be downloaded and have the dependencies installed.

Run npm install in the directory to install the necessary Node.js dependencies.

Run node wasmDumpReader.js --parserPath <parserPath>, where is the path to the MinerRayParser (without a trailing /).

This folder contains samples of WebAssembly code found through crawling in the SampleWasmFiles folder. The file HashingSiteResultSamples.csv contains some samples of the results of a few websites.The list of hashing sites can be seen in the sites.csv file.

About

This repo contains the data and tools from the accompanying "MinerRay: Semantics-Aware Analysis for Ever-EvolvingCryptojacking Detection"ASE 2020 submission

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •